Michael Barbella, Managing Editor11.07.17
Call it the Year of Resolution.
The medtech industry showed steely resolve this year in the wake of political chaos and meteorological mayhem, shortening supply chains and streamlining operations to weather the impacts of a tyrannical hurricane trifecta, and maintaining the fight for full repeal of the 2.3 percent medical device tax.
That battle proved challenging, as the controversial levy became lost among a litany of woes endangering President Donald Trump’s legislative agenda, among them: multiple investigations into Russian interference in the 2016 election; former FBI Director James Comey’s controversial firing; staff infighting; the ban on transgender military personnel; high-profile resignations; the president’s word war with North Korean leader Kim Jong-un; and vacillating tensions with Congress.
Despite all the turmoil, the industry never strayed from its goal, though it did eventually adjust its expectations. “There are opportunities—fewer and fewer though to get full repeal,” Clayton Hall, vice president of government affairs for the Medical Device Manufacturers Association, told a Medmarc Insurance Group webinar audience in August. “The likeliest outcome right now is probably an additional suspension. But there are some opportunities to get full repeal. And that’s what we’re fighting for.”
Medtech’s mettle also manifested itself in the sector’s sustained progression toward value-based care, improved payer engagement, data analytics, and digital health. The U.S. Food and Drug Administration (FDA) helped champion the latter cause in September with a first-of-its-kind program designed to revolutionize digital health regulation in the United States. The FDA’s Pre-cert pilot program is intended to develop an approach toward digital health technology by looking at the software developer or digital health technology developer, rather than primarily at the product. Participants in the FDA’s precertification pilot program (FDA Pre-cert) include Apple, Fitbit, Johnson & Johnson, Pear Therapeutics, Phosphorus, Roche, Samsung, Tidepool, and Verily.
“Our method for regulating digital health products must recognize the unique and iterative characteristics of these products,” FDA Commissioner Scott Gottlieb said in launching the program. “We need to modernize our regulatory framework so that it matches the kind of innovation we’re being asked to evaluate, and helps foster beneficial technology while ensuring that consumers have access to high-quality, safe and effective digital health devices.”
Besides propelling its assimilation of digital health in 2017, the device industry’s resolve also brought resolution to a number of longstanding issues. St. Jude Medical Inc., for example, cleansed its sullied reputation over device cybersecurity shortfalls, while once-sworn enemies Abbott Laboratories Inc. and Alere Inc. (finally!) found common ground. And just in the nick of time, the president signed a new medical device user fee agreement into law, capping two years of often tense negotiations between the industry and FDA.
Insight into these and other defining moments of 2017 can be gleaned from Medical Product Outsourcing’s annual trip down memory lane. Enjoy the journey.
St. Jude Clears Its Muddy Waters
It ended almost as abruptly as it began.
St. Jude Medical Inc. closed one of the ugliest chapters in its 40-year history over the summer with the release of firmware updates to certain cardiac devices vulnerable to cybersecurity breaches. The unceremonious late August rollout stood in stark contrast to the company’s very public 12-month feud with global investment firm Muddy Waters Research LLC over software flaws that could have exposed St. Jude devices to hackers.
Muddy Waters fired the first volley in August 2016 by disclosing St. Jude’s implantable pacemaker and defibrillator security shortfalls in a 34-page report based on analyses from privately held cybersecurity research enterprise MedSec Holdings Inc. Calling St. Jude’s device security measures “hollow” and “egregious,” the report warned the medtech giant’s compromised products could lead to unnecessary health risks.
“We find STJ Cardiac Devices’ vulnerabilities orders of magnitude more worrying than the medical device hacks that have been publicly discussed in the past,” Muddy Waters wrote in its report, which it shared with both FDA and U.S. Department of Homeland Security officials. “STJ’s apparent lack of device security is egregious, and in our view, likely a product of years of neglect.”
St. Jude, of course, denied the allegations, branding the report as “false and misleading,” and accusing Muddy Waters of lacking a basic understanding of medical technology. It also reiterated its commitment to device cybersecurity.
The company retorted with a defamation lawsuit against Muddy Waters, MedSec Holdings, and other parties involved in the report. In the suit, a still-seething St. Jude argued that Muddy Waters deliberately lied about device security vulnerabilities in order to profit from sliding stock prices (shares fell as much as 10 percent on Aug. 25, 2016—the day the report was released). Moreover, St. Jude claimed Muddy Waters failed to follow standard protocol in sharing cybersecurity vulnerabilities with companies before publicly disclosing them.
“The motive for defendants’ approach is revealed in the first two sentences of the Muddy Waters report: ‘Muddy Waters Capital is short St. Jude Medical Inc.’ Defendants specifically intended to drive down the price of St. Jude’s stock, which they had previously sold short,” St. Jude’s lawsuit stated. “This insidious scheme to try to frighten and confuse patients and doctors by publicly disseminating false and unsubstantiated information in order to gain a financial windfall and thereby cause investors to panic and drive the St. Jude stock price down must be stopped and defendants must be held accountable so that such activity will not be incentivized and repeated in the future.”
Muddy Waters wasn’t too bothered by the charges, as it never denied short selling St. Jude stock (the report readily admits the data would be used in part to help build an “investment case”). But the firm clearly took offense to lawsuit as a whole, contending the filing represented an assault on free speech. “This case provides fundamental issues of First Amendment freedoms,” Muddy Waters countered in an October 2016 court filing. “[St. Jude] seeks to punish and prevent vital discussions about significant risks to the lives and health of ordinary Americans.”
The battle would likely have continued indefinitely had it not been for sharp-eyed FDA inspectors. In January 2017, just days after Abbott Laboratories completed its $25 billion acquisition of St. Jude, the company issued a software patch for its Merlin@home wireless transmitter, a product used to transmit patient data from implantable pacemakers and defibrillators to physicians. An FDA Safety Communication released just days before the patch warned that St. Jude’s implantable cardiac devices used with its Merlin@home wireless transmitter could be “vulnerable to cybersecurity intrusions and exploits,” potentially allowing hackers to remotely access the devices and drain pacemaker battery life, change programmed settings, or even alter the beats and rhythm of the device (though such attacks have never occurred). But an assessment of the software patch found the devices’ health benefits outweigh its cybersecurity risks.
An FDA inspection in February 2017 ultimately turned the tide of war, however. A 10-day checkup of St. Jude’s Sylmar, Calif., facility revealed the company had not adequately addressed the agency’s cybersecurity concerns about the Merlin transmitter. Notably, the FDA observed failures related to corrective and preventive actions, controls, design verification, and design validation. The failures, according to FDA inspectors, rendered some devices “adulterated” under federal law.
With regulatory and fiscal ramifications looming, St. Jude (now Abbott) brokered a cease-fire, issuing a firmware update mere days after the one-year anniversary of Muddy Waters’ scathing cybersecurity report. The FDA-approved update affects the company’s Accent, Accent MRI, Accent ST, Allure, Anthem, and Assurity pacemaker models. An estimated 465,000 U.S. pacemakers are impacted by the update, though there may be an unknown number impacted overseas.
The firmware update is targeted primarily at patients implanted with the affected models of St. Jude’s pacemakers, and healthcare professionals using the devices. In a letter sent to doctors, Abbott noted the three-minute update must be delivered in-person, and advises clinicians to install the patch only if “appropriate given the risk of update for the patient.”
Abbott’s fix is part of Merlin@home v8.2.2, but pacemakers manufactured from Aug. 28, 2017, will already contain the security patch.
“Connected devices are having a significant positive impact for patients and their health,” Robert Ford, executive vice president of Medical Devices for Abbott, said upon the firmware update release. “To further protect our patients, Abbott has developed new firmware with additional security measures that can be installed on our pacemakers. All industries need to be constantly vigilant against unauthorized access. This isn’t a static process, which is why we’re working with others in the healthcare sector to ensure we’re proactively addressing common topics to further advance the security of devices and systems.”
Muddy no more.
Read more: http://bit.ly/yir1701
Less Volume, More Value
Spectrum Health is finding it hard to let go of tradition.
Despite all its innovations in telehealth and digital medicine, the non-profit healthcare system in Western Michigan still manages its supply chain the old-fashioned way—with paper and pencil.
Not surprisingly, such an archaic method has spawned more than its fair share of old-fashioned headaches, namely, keeping abreast of product supply levels and value. Earlier this year, however, the 12-hospital network began modernizing its supply chain management program through a Johnson & Johnson initiative designed to help health systems navigate value-based care.
Using data analytics to identify “critical interdependencies” between performance metrics and ordering behaviors, J&J’s CareAdvantage offering helped Spectrum Health cut weekly out-of-stock devices by 49 percent. Moreover, the program enabled the hospital network to reduce expedited shipping fees a staggering 96 percent and the average number of stock-less days by 18 percent.
“Johnson & Johnson uses its computing power to pull data, run reports, and give recommendations on changing a particular part number. Some part numbers had not been looked at for a while and we were using more supplies and running out as the delivery system grew. We never looked back to see,” Kurt Knoth, Spectrum Health system supply chain vice president, told the New York, N.Y.-based trade journal Health Data Management in August. “There is so much opportunity out there that just gets hidden. Every dollar saved through the supply chain means less worrying about how to pay for doctors and nurses, or cutting people or supplies, while better supporting clinicians.”
And better clinician support ultimately leads to better patient outcomes, a key driver of business model innovation within the value-driven healthcare sphere. In many cases, these strategies are expanding beyond products to include devices and services that reward value rather than volume and meet increasing payer, provider, patient, and caregiver demands.
Some companies are building new business models around data and analytics in an effort to demonstrate value to payers and influence patient behavior. J&J’s 10-month-old CareAdvantage initiative, for instance, analyzes data, identifies mutual areas of focus, and clearly defines goals and responsibilities to improve supply chain optimization. The program helped Salt Lake City, Utah-based Intermountain Healthcare increase inventory returns by 25 percent, save $17,000 annually in product costs, and reduce stockouts 40 percent. “When you’re spending all your time talking about inventory, it’s hard to get to what truly matters,” declared Gordon Slade, supply chain logistics director for the 22-hospital Intermountain network. “Improving outcomes and quality of life—those are the conversations we want to be having, rather than, ‘we might be out of stock.’ “
J&J launched the CareAdvantage service in January, touting it as a “holistic, data-driven approach, grounded in insights” to help companies shift to alternative payment models tied to quality or value. The Advanced Medical Technology Association (AdvaMed) followed suit four months later, launching a new initiative called “Value Framework” to help medtech firms formulate value-based arguments.
AdvaMed’s program features extensive tables of questions, diagnostic technology-specific tools, and reports on understanding evidence and use cases. The framework also allows for different patient populations and urges device companies to contemplate product value over various timeframes (i.e., short- and long-term).
Under development for roughly two years with Deloitte Consulting LLP, the framework incorporates four key “value drivers” critical to understanding any assessment of technology:
“These value drivers go beyond traditional clinical efficiency to capture economic impact across all parts of the healthcare ecosystem, as well as newer patient-focused considerations,” explained Mary Cummins, principal, Deloitte Consulting, life sciences and healthcare strategy practice. “The drivers take into account how a medical technology can impact care delivery and enable meaningful improvements in effectiveness and efficiency that providers and payers need.”
Besides helping medtech firms create comprehensive value-based arguments for existing devices, AdvaMed’s framework encourages manufacturers to integrate value-based thinking into the earliest stages of product development, from ideation and design to evidence collection and regulatory approval.
Whether broad or narrow in scope, medtech business models that embrace value-based care are fundamentally different from traditional fee-for-service contracts, as they require up-front investments and risk sharing. The plans themselves vary greatly, with some companies forging broad, multi-year partnerships that help payers and providers solve difficult challenges. Others are more product-centric but significantly change the way device firms are paid by linking reimbursement to demonstrated outcomes.
J&J and Medtronic plc chose the latter strategy, negotiating agreements this past spring with insurance giant Aetna for value-based pricing that ties payments to outcomes such as A1c levels. The insurer’s contract with J&J applies to the company’s OneTouch Vibe and Ping insulin pumps, while Medtronic’s pact covers pumps featuring SmartGuard technology, including the MiniMed 670G system, the industry’s first hybrid closed loop system.
Medtronic’s contract requires the firm to pay Aetna rebates for type 1 and type 2 diabetics whose health fails to reach “clinical improvement thresholds” after switching to its pumps from multiple daily insulin injections. “This agreement reinforces our shift towards value-based healthcare,” Hooman Hakami, president of the Diabetes Group at Medtronic, said in publicizing the Aetna agreement. “We know technology alone isn’t enough and ultimately, improved outcomes are what matter.”
Read more: http://bit.ly/yir1702
MDUFA 4.0
It was an unusual bill signing, to say the least.
There were no photo opps, no Oval Office guest lists, no special pens, and no speeches. Most surprisingly, there were no theatrics: Not one narcissistic remark was made, or self-serving tweet was sent.
Really.
It was, for all intents and purposes, a rare display of reclusion by President Donald J. Trump.
Thus marked the sequestered birth of the much-debated, long-awaited FDA Reauthorization Act of 2017 (FDARA), signed into law quietly and unceremoniously on Aug. 18. The Trump-approved legislation includes the sixth rendition of prescription drug user fees, the fourth iteration of medical device user fees, and the second versions of both the biosimilar and generic drug user fee agreements.
Capping two years of FDA negotiations with industry and stakeholders, FDARA sets user fees through fiscal 2022 and finances roughly 60 percent of the agency’s pre-market review costs. Under the law’s Medical Device User Fee Amendments (MDUFA IV), FDA is authorized to collect $183.3 million in FY18 fees, a 30 percent increase from the previous year’s post-adjustment estimate.
“FDARA builds upon the goals outlined in previous user fee agreements and in the 21st Century Cures Act and will help us continue the essential work we are doing in many of our priority areas,” directors of the FDA’s drug, device, and biologics centers wrote in an Aug. 21 blog on the agency’s website. “The new law provides critical support for important FDA activities related to medical product regulation.”
Among the support provided by MDUFA IV includes enabling FDA to inspect medical device facilities based on risk, and establishing a flexible, more efficient path to market for certain product accessories. The risk-based inspections, according to FDA officials, will allow the agency’s Center for Devices and Radiological Health to better focus its resources while providing greater predictability and transparency to the inspection process.
MDUFA IV also sets performance goals for various regulatory sanctions, committing for the first time to deciding half of all fiscal 2018 de novo requests within 150 days of filing, and resolving pre-submission meeting applications within two weeks. In addition, the agency agreed to provide written feedback for pre-submissions within 70 days or five days before a scheduled meeting for at least 1,530 pre-submissions received in FY18.
For 510(k) applications, FDA aims to decide 95 percent of 510(k) submissions within 90 days of filing and document an application’s problems after 100 days. PMA reviews have a similar timeline, requiring FDA to relay deficiencies to 95 percent of applicants within 60 days of filing and issue a decision for 90 percent of submissions not requiring an Advisory Committee review within 180 days.
“The MDUFA IV agreement...will expedite the availability of innovative new products, and its enhancements will continue to increase the efficiency of FDA’s programs,” Jeffrey Shuren, M.D., J.D., director of FDA’s Center for Devices and Radiological Health, told a U.S. Senate committee in March. “Improvements in total time to decision, transparency, consistency, and predictability will benefit industry, healthcare providers, and most importantly, patients.”
And FDA as well. MDUFA IV raises user fees for all regulatory submissions, with most averaging a 33 percent hike. The law, which took effect Oct. 1, softens the blow a bit for small businesses (less than $100 million in sales), though it doesn’t exempt them from a 37 percent increase in FDA Establishment fees, or lower any prices as in years past.
Nevertheless, the most significant MDUFA IV fees and hikes are ascribed to FDA’s 510(k) applications and de novo reviews. The agreement more than doubles 510(k) fees for moderate and large-size companies ($4,690 to $10,566) and boosts application costs 13 percent for small firms ($2,345 to $2,642).
The pecuniary onus is even greater for de novo reviews, as the law establishes first-time charges of $23,307 for small companies and a staggering $93,229 for moderate/large entities. Pediatric device submissions are exempt from the fees, as are uncommercialized state- or federal government-driven innovations. The law also waives fees for companies providing FDA with additional data on previously submitted de novo filings.
Resubmissions, however, are subject to additional user fees based on the applicant’s new (or old) chosen market pathway, according to MDUFA IV.
In exchange for its costly de novo fees, FDA promises to improve review times over the next five years, aiming to provide a final decision with 150 days for 70 percent of de novo requests submitted in FY2022. The goal seems practical, considering the amount of work involved with de novo submissions, and FDA’s perpetual failure to meet the statutorily-defined 120-day review period.
De novo review times have fallen significantly since 2009, but the process is still slow and unpredictable, averaging about 259 days, according to FDA data. Further reductions, though, could provide companies with a better, more predictable market pathway and consequently justify the new fees.
“The de novo pathway is essential for allowing brand technology to be incorporated into the whole 510(k) process because otherwise, they’d all have to go PMA, which is completely unrealistic and would kill a lot of technologies,” medtech law attorney Jeffrey K. Shapiro of Washington, D.C., told Bloomberg BNA in June. “I think that while the user fees are going to be a burden on industry, particularly small companies, there will be a trade-off in terms of greater certainty and a reduction in the timeline and greater predictability. I think investors are going to be happier factoring in paying the fees and getting that certainty of time to be able to get to market.”
Perhaps, but not all companies are willing to make such concessions. Healthcare attorney Bradley Merrill Thompson contends the high fees could make the PMA process more appealing to larger companies and discourage financially- strapped smaller firms from developing “groundbreaking innovations.”
“The bottom line is I started to see some hope for the process,” he noted to Bloomberg BNA, “but the amount of the user fee I fear will discourage innovation.”
Michael Drues agrees.
“I’m not against having a de novo user fee, but the numbers concern me quite a bit,” said Drues, a Ph.D. and president of Grafton, Mass.-based Vascular Sciences, an education, training, and consulting company offering a range of services to medical device, pharmaceutical, and biotech firms. “Comparing the de novo fee to a 510(k), the de novo fee is 10 times more. The question is why? To be fair, a de novo is a little more work for the FDA—a new regulation and product code have to be created, and in some cases, special controls have to be created. But is it 10 times more work for the FDA than a 510(k)? Absolutely not. I think if we are going to have de novo user fees they should be comparable or perhaps slightly higher than a 510(k) but certainly not a 10-fold increase. Can you think of any better way to stifle or kill innovation than by creating those kinds of user fees for the de novo?”
No better way at all.
Read more: http://bit.ly/yir1704
WannaCry? Think Cyber(in)security
Tempers tend to flare around Billy Rios.
As a professional computer hacker, the former U.S. Marine walks a fine line between sinner and saint, deliberately exposing cybersecurity flaws to the dismay of a digitalized planet. He’s tampered with weapons systems, aircraft components, hospital IT networks, Internet search engines, and in a personal coup de grace, has even infiltrated America’s electrical grid, successfully breaching Washington State’s largest public utility two years ago to help officials there better safeguard the power supply.
Many of Rios’ clients have jumped at the chance to fix their network vulnerabilities following escalating cyber attacks but a few of his hacking targets have been slow to improve security despite the obvious risks of complacency. Some of Rios’ most vocal critics hail from the healthcare arena, an industry that digital saboteurs claim is woefully unprepared to protect its technology or its patients.
Those critics have swelled significantly in rank over the last several years as Rios and other independent researchers have dramatically exploited security flaws in pacemakers and insulin infusion pumps. In one now infamous case, a security consultant and diabetic hijacked his own insulin pump at a global hacking conference, demonstrating the ease with which it could be controlled to deliver a potentially lethal dose. Shortly thereafter, a New Zealand hacker publicly shared the blueprint for pacemaker tampering, and Rios followed suit by tampering with an eBay purchased infusion pump, eventually disclosing the breach to the federal government via home video.
Not surprisingly, the attacks angered medical device makers and hospital administrators, who accused the hackers of fear mongering. Rios recalled to Bloomberg a particularly troubling instance of beratement during a 2014 conference call with device vendors and industry executives. “It wasn’t just someone saying, ‘Hey, you suck,’ or something, but truly, literally, screaming,” he told the magazine. “All their devices are getting compromised, all their systems are getting compromised. All their clinical applications are getting compromised—and no one cares. It’s just ridiculous, right? And anyone who tries to justify that it’s OK is not living in this world. They’re in a fantasyland.”
There are likely far fewer residents of that dream world nowadays as the medtech industry contends with fallout from the springtime blitz of the WannaCry cryptoworm and Petya malware attacks. Both incidents left collateral damage in the healthcare sector and intensified demands for improved device cybersecurity.
The May 12 WannaCry assault infected roughly 200,000 Microsoft Windows systems in 150 countries, locking down computers at 48 U.K. hospital trusts and contaminating Bayer AG-branded radiology equipment used to improve MRI imaging. The German multinational was reluctant at first to confirm the casualty but eventually identified the affected products as the Medrad Stellant and Medrad MRXperion control room units (Certegra Workstations), Certegra and VirtualCare devices, Medrad Intego RDMS, and Certegra Connect.CT.
Like other victims, Bayer scrambled to deploy a Microsoft security patch that was released in March but not widely implemented. BD, GE Healthcare, and Siemens all warned customers of the potential for WannaCry contagion without explicitly affirming whether the ransomware impacted their equipment. BD provided its clients with a list of more than two dozen products running Microsoft Windows operating systems (BD Alaris Server, BD EpiCenter, BD FACS Aria Fusion, BD FACS Celesta, BD GenCell CliC, BD Kiestra InoqulA, among others), while Siemens admitted its Multi-Modality Workplace (a hospital radiology imaging platform) and MAGNETOM MRI (magnetic resonance imaging) tubes were susceptible to the worm.
“WannaCry proves how insecure these devices are,” Christopher Frenz, infrastructure director at New York, N.Y.-based Interfaith Medical Center, noted at an August hacker conference. “It wasn’t even targeted to medical devices and it was still picked up.”
Petya was equally as unsparing when it struck in late June. Mostly impacting the finance, oil and gas, and manufacturing industries, the ransomware also corrupted thousands of computer systems at pharmaceutical giant Merck and crippled a hospital system north of Pittsburgh, Pa. The outbreak spread through an update sent by Ukranian financial software firm MeDoc, according to a security researcher credited with ending the WannaCry epidemic.
Besides slowing operations at Boryspyl International Airport near Ukraine’s capital Kyiv and impacting the radiation monitoring system at the Chernobyl nuclear plant ruins, Petya forced the cancellations of some surgeries at Beaver, Pa.-based Heritage Valley Health System. It also compromised operations at Heritage’s two hospitals and 18 satellite centers.
“Every time we see something successful like WannaCry and Petya, you see other actors learning from that rather quickly, and they are able to replicate that style of attack,” Chris Wysopal, co-founder and chief technology officer at Burlington, Mass., cybersecurity firm Veracode, told the Miami Herald in August. “It’s going to get worse.”
Such gloomy prospects helped spawned a legislative proposal this fall to create a public-private stakeholder partnership for mitigating medtech cybersecurity risks. The alliance, spearheaded by the U.S. Food and Drug Administration, would identify the top cybersecurity standards, frameworks, and best practices currently available to address medtech safety vulnerabilities. The group would be required to issue a progress report within 18 months.
Introduced Oct. 5 by U.S. Reps. Susan Brooks (R-Ind.) and Dave Trott (R-Mich.), the Internet of Medical Things Resilience Partnership Act builds on recommendations issued by the Health Care Industry Cybersecurity Task Force earlier this year.
“There are millions of medical devices susceptible to cyber attacks and oftentimes, we are wearing these networked technologies or even have them imbedded in our bodies,” Brooks said upon introducing the bill. “Bad actors are not only looking to access sensitive information, but they are also trying to manipulate device functionality. This can lead to life-threatening cyber-attacks on devices ranging from monitors and infusion pumps, to ventilators and radiological technologies.”
“As the number of connected medical devices continue to grow, so does the urgency to establish guidelines for how to prevent these kinds of dangerous attacks,” she added. “It is essential to provide a framework for companies and consumers to follow so we can ensure the medical devices countless Americans rely on and systems that keep track of our health data are protected.”
Perhaps then medtech will WannaCry for joy.
Read more: http://bit.ly/yir1706a
If at First You Don’t Succeed...Fail, Fail Again
The headlines read like a comedy of errors.
“Obamacare Repeal Might Have Just Died Tonight,” New York magazine reported in early January.
Five months later, the magazine ran stories within days of each other on stalled repeal efforts and past strategies for killing the controversial healthcare law. Its long-awaited death seemed close, if not imminent, according to news accounts.
Then, damnation— “Obamacare Lives.” (July 28)
Followed by a confirmation: “Obamacare is Officially Not Collapsing.” (Aug. 24)
Curses! Time to move on.
Or not: “Hold On—Could the GOP’s Last-Ditch Effort to Kill Obamacare Actually Pass?” (Sept. 15)
Nope. False alarm. “The GOP’s Latest Attempt to Repeal Obamacare Won’t Even Get a Vote.” (Sept. 26)
A frustrated Donald Trump was willing to work with Democrats on fixing Obamacare until House Speaker Paul Ryan nixed the idea in the fall. ”Ryan Rejects Bipartisan Health-Care ‘Fix,’ and Now Trump Does Too.” (Oct. 18)
But why listen to Ryan? “Why You Might be Seeing Bipartisan Health-Care Bill in December.” (Oct. 19)
Indeed, Obamacare—a.k.a., the 2010 Affordable Care Act (ACA)—led a wildly chaotic existence this year as President Trump and his Republican cohorts worked to unravel President Barack Obama’s signature domestic achievement. Their tactics changed as often as Trump’s version of the truth, angering Democrats, confounding constituents, and ultimately spawning an independent battle plan from the commander-in-chief himself.
Trump’s solo campaign against Obamacare entailed scrapping health insurance subsidies for low-income families and authorizing the sales of cheaper policies with fewer benefits and fewer consumer protections. The strategy rattled America’s healthcare and political worlds, as it threatened to boost premiums, disrupt insurance markets, and shove Republicans into a renewed civil war over the ACA.
U.S. Senate Health Committee Chairman Lamar Alexander (R-Tenn.) tried heading off hostilities via a bipartisan solution he negotiated with U.S. Sen. Patty Murray (D-Wash.) that would fund cost-sharing insurer subsidies for two years and give states more flexibility to waive Obamacare rules. The proposed legislation also would let more people sign up for high-deductible healthcare insurance, encourage the sale of policies across state lines, and streamline the process of obtaining federal regulatory waivers for innovative health insurance plans.
Perhaps most importantly, the changes offered under the Alexander-Murray compromise upheld protections for patients with pre-existing conditions and maintained coverage for essential health services like maternity care and cancer treatment. The untitled bill had garnered 24 co-sponsors as of Oct. 19—12 from each political party.
“Every Republican in the House of Representatives who voted to repeal and replace Obamacare this year voted for a provision that continued the cost-sharing payments for two years,” Alexander said. “Our bill does the same thing.”
Maybe so, but it nevertheless faces an uphill battle for support: Senate Finance Committee Chairman Orrin G. Hatch wasn’t impressed with the bill (“It’s more of the same. More big spending, more big government, more lack of a solution,” the Utah Republican told CQ Roll Call), and U.S. Rep. Mark Walker (R-N.C.), dissed the deal on social media.
“The GOP should focus on repealing and replacing ObamaCare, not on trying to save it,” the Republican Study Committee chairman wrote on Twitter. “This bailout is unacceptable.”
President Trump thought so too.
“I am supportive of Lamar as a person & also of the process, but I can never support bailing out ins co’s who have made a fortune w/O’Care,” the president tweeted on Oct. 18.
Missing in all of Trump’s ACA twitter noise was his thoughts on the 2.3 percent medical device tax. The president—and Congress, for the most part—were unusually tight-lipped about the levy this year, leaving the medtech industry staring down old demons as the final weeks of suspension drew to a close.
Created in 2010 to help fund expanded healthcare coverage under the ACA, the device tax was suspended for two years in late 2015 as part of a compromise $1.8 trillion spending package. The levy is scheduled to be reinstated on Jan. 1 unless lawmakers act by year’s end to further suspend or repeal it—an outcome that is becoming increasingly unlikely considering the Trump administration’s multiple fumbles with replacing Obamacare.
“Congress must act now to permanently repeal the device tax. Otherwise, medical technology companies will be hit with a tax increase of $20 billion at the end of the year, which will create a ripple effect for years to come,” Todd Usen, president of the Medical Systems Group at Olympus Corp. of the Americas, wrote in a late-summer op-ed column in the Philadelphia Inquirer. “As a global health-care company focused on minimally invasive medical solutions, we know firsthand the medical device tax will disrupt the industry’s ability to make investments in research and development and bolster the long-term medical innovation pipeline. The industry is making budgetary and planning decisions now that will impact innovations in a decade and needs the certainty that would be engendered through full repeal.”
Industry leaders fought fervently against the tax since its 2013 implementation, arguing the levy decimated the funding necessary to drive innovation and fuel growth. The American Action Forum estimates the device tax cost the industry more than 28,800 jobs during its three-year lifecycle, and warns its resurgence could eliminate another 25,000 positions through 2021.
Reinstatement also is likely to force some old habits: Eighty-eight percent of “innovators” plan to slow hiring and/or eliminate jobs upon the tax’s return, and 77 percent will either slow or stop expansion plans, according to a survey of more than 100 medtech companies by the Washington, D.C.-based Medical Device Manufacturers Association (MDMA). Additionally, 83 percent of the group’s survey respondents said they would decrease R&D investments if the tax took effect again.
“Medical technology innovators have already made difficult decisions as a result of the uncertainty over the device tax, and now is the time to put a permanent end to a policy that the overwhelming majority of Congress agrees is a bad idea,” MDMA President and CEO Mark Leahey said in formal statement in October. “There continues to be strong bipartisan support to repeal the medical device tax, but time is of the essence. It hovers like a dark cloud over innovation and job creation, and it is critical that Congress finishes the job.”
Start preparing for the rainstorm—just in case.
Read more: http://bit.ly/yir1705
Seeking Scale and Scope
And the two became one. Finally.
Abbott Laboratories and Alere Inc. united in wedded bliss this fall, capping a contentious and at times confrontational, 20-month engagement tainted by lawsuits, accounting snafus, an SEC fine, and ultimately, a lower dowry. The pair marched down the mega-merger aisle on Oct. 3—610 days after first going public with their courtship and just a week after the union was sanctioned by U.S. and Canadian anti-trust regulators.
To receive the regulatory blessings, Alere divested its blood gas and cardiac marker testing systems; among them was the Blood Analysis System, which measures blood gas, electrolytes, and metabolites within 30 seconds at bedside.
Abbott expects the marriage to be accretive next year, though a happily-ever-after ending isn’t a guarantee for the couple, as Alere remains under federal investigation for potential Foreign Corrupt Practices Act violations, and continues to spend millions of dollars on diabetes testing supplies that are not insured. Still, Abbott considers its troubled partner to be well worth the $5.3 billion investment, since the union enables the multinational firm to gain significant traction in the fast-growing “point-of-care” market, a sector forecast to nearly double in value over the next five years to $40.5 billion, according to industry data. Perhaps more importantly, however, the alliance also helps Abbott secure gains and boost market share in an otherwise sluggish growth environment.
“Strategically shaping the company to compete and succeed through internal investment and M&A is part of our DNA,” Abbott spokesman Scott Stoffel told the Chicago Tribune after the Alere deal closed.
That same DNA coursed through the veins of many a medtech firm this year as device makers brokered deals that secured long-term growth through diversification and economies of scale. The three mega-mergers announced in the first half of 2017 tellingly illustrate the need for scale in increasingly competitive therapeutic areas. Abbott’s $25 billion consolidation with St. Jude Medical Inc., for example, created a formidable leader in the atrial fibrillation, structural heart, and heart failure markets. It also expanded Abbott ‘s footprint in the high-growth neuromodulation sector.
Similarly, Essilor International SA’s $25.2 billion purchase of Luxottica Group SpA combined the world’s largest ophthalmic device manufacturer with an eyewear retail giant, spawning a visual health and eyewear group worth more than 15 billion euros. The deal, announced in January, is the fourth-largest acquisition in medtech history and Essilor’s largest deal to date (before purchasing Luxottica, Essilor’s biggest M&A transaction was its $1.9 billion merger with Transition Optics in 2013). “Scale matters in a space where both Essilor and Luxottica have experienced slowing sales growth as a result of competition from less expensive online rivals,” EY analysts state in the firm’s Pulse of the Industry 2017 report.
Scale also matters outside the visual health space. Accordingly, Becton, Dickinson and Company (BD) easily topped its 2014 megadeal for CareFusion with April’s $24 billion acquisition of C.R. Bard Inc., an S&P 500 firm best known for developing the Foley catheter in 1934. The union gives BD scale in hospital supplies, combining Bard’s minimally invasive devices and ports in the peripheral vascular, urology, hernia, and high-growth oncology and surgery areas with BD’s offerings in intravenous drug delivery systems. With a combined revenue of more than $16 billion, the beefed-up company is expected to boost BD’s non-U.S. growth options in such markets as China, and raise per-share earnings in fiscal year 2019. Moreover, roughly $300 million in annual “pre-tax run-rate cost synergies” are forecast by 2020.
“Consolidating these businesses should enable BD to grow revenue in an area where hospital systems, which have increased their own heft via mergers, are focused on reducing care costs,” EY’s Pulse report notes. “By adding Bard’s products to its portfolio, BD hopes efficiencies of scale and greater volume can boost its fortunes in an era where margins are increasingly tight.”
Better fortunes drove numerous deals this year, matching Allergan plc and ZELTIQ Aesthetics Inc. (2.48 billion); Fresenius Medical Care and NxStage Medical Inc. ($2 billion); Royal Philips and The Spectranetics Corporation ($1.9 billion); Teleflex Inc. and Vascular Solutions ($1 billion); Boston Scientific Corp. and Symetis SA ($435 million); and PerkinElmer Inc. and Euroimmun Medical Laboratory Diagnostics AG ($1.3 billion). The latter merger adds scale to PerkinElmer’s in-vitro diagnostics business while also boosting the company’s footprint outside the United States, particularly in China.
Global expansion and categorical leadership, however, were not the only motivations for corporate hookups. Diversification sparked various unions in 2017, pairing Allergan with Acelity L.P. ($2.9 billion), Svenska Cellulosa Aktiebolaget and BSN medical ($2.86 billion), Hologic with Cynosure ($1.7 billion), Stryker Corp. and Novadaq Technologies ($701 million), and Cardinal Health with Medtronic plc’s medical supplies business. Cardinal’s $6.1 billion cash deal for Medtronic’s patient care, deep vein thrombosis, and nutritional insufficiency units added 23 product categories to the company’s overall lineup, including brands such as Curity, Kendall, Dover, Argyle, and Kangaroo.
While the purchase most certainly expands Cardinal’s reach into the operating room and long-term care areas—domains it fortified two years ago with the acquisition of Johnson & Johnson’s Cordis unit—it also enables the company to diversify beyond its core pharmaceutical business and foster future growth through complementary offerings.
Diversification wasn’t the sole incentive for the Cardinal-Medtronic deal, though. The sale enabled Medtronic to divest a slower-growing business unit it gained as part of its $50 billion merger with Covidien and focus on higher-growth opportunities in its core competency areas (cardiac, vascular, and minimally invasive therapies). Likewise, J&J streamlined its portfolio by selling its Codman Neurosurgery business to Integra LifeSciences Holdings Corp. for $1 billion in February.
“Divestitures and spin-outs allow medtechs to capture additional value by improving capital efficiency, reducing operational complexity, and reallocating capital to higher-growth businesses as the industry invests more R&D dollars in the development of innovative products that demonstrate value in an era of price pressures,” the EY report declares. “Indeed, Medtronic’s sale of its medical supplies business to Cardinal Health and Johnson & Johnson’s divestiture of Codman Neurosurgery to Integra LifeSciences suggest capital efficiency and portfolio optimization will be an ongoing trend in 2018.”
Time will tell.
Read more: http://bit.ly/yir1707
The medtech industry showed steely resolve this year in the wake of political chaos and meteorological mayhem, shortening supply chains and streamlining operations to weather the impacts of a tyrannical hurricane trifecta, and maintaining the fight for full repeal of the 2.3 percent medical device tax.
That battle proved challenging, as the controversial levy became lost among a litany of woes endangering President Donald Trump’s legislative agenda, among them: multiple investigations into Russian interference in the 2016 election; former FBI Director James Comey’s controversial firing; staff infighting; the ban on transgender military personnel; high-profile resignations; the president’s word war with North Korean leader Kim Jong-un; and vacillating tensions with Congress.
Despite all the turmoil, the industry never strayed from its goal, though it did eventually adjust its expectations. “There are opportunities—fewer and fewer though to get full repeal,” Clayton Hall, vice president of government affairs for the Medical Device Manufacturers Association, told a Medmarc Insurance Group webinar audience in August. “The likeliest outcome right now is probably an additional suspension. But there are some opportunities to get full repeal. And that’s what we’re fighting for.”
Medtech’s mettle also manifested itself in the sector’s sustained progression toward value-based care, improved payer engagement, data analytics, and digital health. The U.S. Food and Drug Administration (FDA) helped champion the latter cause in September with a first-of-its-kind program designed to revolutionize digital health regulation in the United States. The FDA’s Pre-cert pilot program is intended to develop an approach toward digital health technology by looking at the software developer or digital health technology developer, rather than primarily at the product. Participants in the FDA’s precertification pilot program (FDA Pre-cert) include Apple, Fitbit, Johnson & Johnson, Pear Therapeutics, Phosphorus, Roche, Samsung, Tidepool, and Verily.
“Our method for regulating digital health products must recognize the unique and iterative characteristics of these products,” FDA Commissioner Scott Gottlieb said in launching the program. “We need to modernize our regulatory framework so that it matches the kind of innovation we’re being asked to evaluate, and helps foster beneficial technology while ensuring that consumers have access to high-quality, safe and effective digital health devices.”
Besides propelling its assimilation of digital health in 2017, the device industry’s resolve also brought resolution to a number of longstanding issues. St. Jude Medical Inc., for example, cleansed its sullied reputation over device cybersecurity shortfalls, while once-sworn enemies Abbott Laboratories Inc. and Alere Inc. (finally!) found common ground. And just in the nick of time, the president signed a new medical device user fee agreement into law, capping two years of often tense negotiations between the industry and FDA.
Insight into these and other defining moments of 2017 can be gleaned from Medical Product Outsourcing’s annual trip down memory lane. Enjoy the journey.
St. Jude Clears Its Muddy Waters
It ended almost as abruptly as it began.
St. Jude Medical Inc. closed one of the ugliest chapters in its 40-year history over the summer with the release of firmware updates to certain cardiac devices vulnerable to cybersecurity breaches. The unceremonious late August rollout stood in stark contrast to the company’s very public 12-month feud with global investment firm Muddy Waters Research LLC over software flaws that could have exposed St. Jude devices to hackers.
Muddy Waters fired the first volley in August 2016 by disclosing St. Jude’s implantable pacemaker and defibrillator security shortfalls in a 34-page report based on analyses from privately held cybersecurity research enterprise MedSec Holdings Inc. Calling St. Jude’s device security measures “hollow” and “egregious,” the report warned the medtech giant’s compromised products could lead to unnecessary health risks.
“We find STJ Cardiac Devices’ vulnerabilities orders of magnitude more worrying than the medical device hacks that have been publicly discussed in the past,” Muddy Waters wrote in its report, which it shared with both FDA and U.S. Department of Homeland Security officials. “STJ’s apparent lack of device security is egregious, and in our view, likely a product of years of neglect.”
St. Jude, of course, denied the allegations, branding the report as “false and misleading,” and accusing Muddy Waters of lacking a basic understanding of medical technology. It also reiterated its commitment to device cybersecurity.
The company retorted with a defamation lawsuit against Muddy Waters, MedSec Holdings, and other parties involved in the report. In the suit, a still-seething St. Jude argued that Muddy Waters deliberately lied about device security vulnerabilities in order to profit from sliding stock prices (shares fell as much as 10 percent on Aug. 25, 2016—the day the report was released). Moreover, St. Jude claimed Muddy Waters failed to follow standard protocol in sharing cybersecurity vulnerabilities with companies before publicly disclosing them.
“The motive for defendants’ approach is revealed in the first two sentences of the Muddy Waters report: ‘Muddy Waters Capital is short St. Jude Medical Inc.’ Defendants specifically intended to drive down the price of St. Jude’s stock, which they had previously sold short,” St. Jude’s lawsuit stated. “This insidious scheme to try to frighten and confuse patients and doctors by publicly disseminating false and unsubstantiated information in order to gain a financial windfall and thereby cause investors to panic and drive the St. Jude stock price down must be stopped and defendants must be held accountable so that such activity will not be incentivized and repeated in the future.”
Muddy Waters wasn’t too bothered by the charges, as it never denied short selling St. Jude stock (the report readily admits the data would be used in part to help build an “investment case”). But the firm clearly took offense to lawsuit as a whole, contending the filing represented an assault on free speech. “This case provides fundamental issues of First Amendment freedoms,” Muddy Waters countered in an October 2016 court filing. “[St. Jude] seeks to punish and prevent vital discussions about significant risks to the lives and health of ordinary Americans.”
The battle would likely have continued indefinitely had it not been for sharp-eyed FDA inspectors. In January 2017, just days after Abbott Laboratories completed its $25 billion acquisition of St. Jude, the company issued a software patch for its Merlin@home wireless transmitter, a product used to transmit patient data from implantable pacemakers and defibrillators to physicians. An FDA Safety Communication released just days before the patch warned that St. Jude’s implantable cardiac devices used with its Merlin@home wireless transmitter could be “vulnerable to cybersecurity intrusions and exploits,” potentially allowing hackers to remotely access the devices and drain pacemaker battery life, change programmed settings, or even alter the beats and rhythm of the device (though such attacks have never occurred). But an assessment of the software patch found the devices’ health benefits outweigh its cybersecurity risks.
An FDA inspection in February 2017 ultimately turned the tide of war, however. A 10-day checkup of St. Jude’s Sylmar, Calif., facility revealed the company had not adequately addressed the agency’s cybersecurity concerns about the Merlin transmitter. Notably, the FDA observed failures related to corrective and preventive actions, controls, design verification, and design validation. The failures, according to FDA inspectors, rendered some devices “adulterated” under federal law.
With regulatory and fiscal ramifications looming, St. Jude (now Abbott) brokered a cease-fire, issuing a firmware update mere days after the one-year anniversary of Muddy Waters’ scathing cybersecurity report. The FDA-approved update affects the company’s Accent, Accent MRI, Accent ST, Allure, Anthem, and Assurity pacemaker models. An estimated 465,000 U.S. pacemakers are impacted by the update, though there may be an unknown number impacted overseas.
The firmware update is targeted primarily at patients implanted with the affected models of St. Jude’s pacemakers, and healthcare professionals using the devices. In a letter sent to doctors, Abbott noted the three-minute update must be delivered in-person, and advises clinicians to install the patch only if “appropriate given the risk of update for the patient.”
Abbott’s fix is part of Merlin@home v8.2.2, but pacemakers manufactured from Aug. 28, 2017, will already contain the security patch.
“Connected devices are having a significant positive impact for patients and their health,” Robert Ford, executive vice president of Medical Devices for Abbott, said upon the firmware update release. “To further protect our patients, Abbott has developed new firmware with additional security measures that can be installed on our pacemakers. All industries need to be constantly vigilant against unauthorized access. This isn’t a static process, which is why we’re working with others in the healthcare sector to ensure we’re proactively addressing common topics to further advance the security of devices and systems.”
Muddy no more.
Read more: http://bit.ly/yir1701
Less Volume, More Value
Spectrum Health is finding it hard to let go of tradition.
Despite all its innovations in telehealth and digital medicine, the non-profit healthcare system in Western Michigan still manages its supply chain the old-fashioned way—with paper and pencil.
Not surprisingly, such an archaic method has spawned more than its fair share of old-fashioned headaches, namely, keeping abreast of product supply levels and value. Earlier this year, however, the 12-hospital network began modernizing its supply chain management program through a Johnson & Johnson initiative designed to help health systems navigate value-based care.
Using data analytics to identify “critical interdependencies” between performance metrics and ordering behaviors, J&J’s CareAdvantage offering helped Spectrum Health cut weekly out-of-stock devices by 49 percent. Moreover, the program enabled the hospital network to reduce expedited shipping fees a staggering 96 percent and the average number of stock-less days by 18 percent.
“Johnson & Johnson uses its computing power to pull data, run reports, and give recommendations on changing a particular part number. Some part numbers had not been looked at for a while and we were using more supplies and running out as the delivery system grew. We never looked back to see,” Kurt Knoth, Spectrum Health system supply chain vice president, told the New York, N.Y.-based trade journal Health Data Management in August. “There is so much opportunity out there that just gets hidden. Every dollar saved through the supply chain means less worrying about how to pay for doctors and nurses, or cutting people or supplies, while better supporting clinicians.”
And better clinician support ultimately leads to better patient outcomes, a key driver of business model innovation within the value-driven healthcare sphere. In many cases, these strategies are expanding beyond products to include devices and services that reward value rather than volume and meet increasing payer, provider, patient, and caregiver demands.
Some companies are building new business models around data and analytics in an effort to demonstrate value to payers and influence patient behavior. J&J’s 10-month-old CareAdvantage initiative, for instance, analyzes data, identifies mutual areas of focus, and clearly defines goals and responsibilities to improve supply chain optimization. The program helped Salt Lake City, Utah-based Intermountain Healthcare increase inventory returns by 25 percent, save $17,000 annually in product costs, and reduce stockouts 40 percent. “When you’re spending all your time talking about inventory, it’s hard to get to what truly matters,” declared Gordon Slade, supply chain logistics director for the 22-hospital Intermountain network. “Improving outcomes and quality of life—those are the conversations we want to be having, rather than, ‘we might be out of stock.’ “
J&J launched the CareAdvantage service in January, touting it as a “holistic, data-driven approach, grounded in insights” to help companies shift to alternative payment models tied to quality or value. The Advanced Medical Technology Association (AdvaMed) followed suit four months later, launching a new initiative called “Value Framework” to help medtech firms formulate value-based arguments.
AdvaMed’s program features extensive tables of questions, diagnostic technology-specific tools, and reports on understanding evidence and use cases. The framework also allows for different patient populations and urges device companies to contemplate product value over various timeframes (i.e., short- and long-term).
Under development for roughly two years with Deloitte Consulting LLP, the framework incorporates four key “value drivers” critical to understanding any assessment of technology:
- Clinical impact: The extent of clinical utility and health outcomes associated with a medical technology.
- Non-clinical patient impact: The impact on non-medical benefits for the patient (or caregiver) such as patient experience and outcomes (e.g., out-of-pocket costs).
- Care delivery revenue and cost impact: A technology’s impact on revenue or cost for a provider or payer via financial incentives associated with care quality metrics, as well as impact on clinical workflow and other sources of operating efficiency.
- Public/population impact: A technology’s impact on the overall healthcare system and employers, or society as a whole.
“These value drivers go beyond traditional clinical efficiency to capture economic impact across all parts of the healthcare ecosystem, as well as newer patient-focused considerations,” explained Mary Cummins, principal, Deloitte Consulting, life sciences and healthcare strategy practice. “The drivers take into account how a medical technology can impact care delivery and enable meaningful improvements in effectiveness and efficiency that providers and payers need.”
Besides helping medtech firms create comprehensive value-based arguments for existing devices, AdvaMed’s framework encourages manufacturers to integrate value-based thinking into the earliest stages of product development, from ideation and design to evidence collection and regulatory approval.
Whether broad or narrow in scope, medtech business models that embrace value-based care are fundamentally different from traditional fee-for-service contracts, as they require up-front investments and risk sharing. The plans themselves vary greatly, with some companies forging broad, multi-year partnerships that help payers and providers solve difficult challenges. Others are more product-centric but significantly change the way device firms are paid by linking reimbursement to demonstrated outcomes.
J&J and Medtronic plc chose the latter strategy, negotiating agreements this past spring with insurance giant Aetna for value-based pricing that ties payments to outcomes such as A1c levels. The insurer’s contract with J&J applies to the company’s OneTouch Vibe and Ping insulin pumps, while Medtronic’s pact covers pumps featuring SmartGuard technology, including the MiniMed 670G system, the industry’s first hybrid closed loop system.
Medtronic’s contract requires the firm to pay Aetna rebates for type 1 and type 2 diabetics whose health fails to reach “clinical improvement thresholds” after switching to its pumps from multiple daily insulin injections. “This agreement reinforces our shift towards value-based healthcare,” Hooman Hakami, president of the Diabetes Group at Medtronic, said in publicizing the Aetna agreement. “We know technology alone isn’t enough and ultimately, improved outcomes are what matter.”
Read more: http://bit.ly/yir1702
MDUFA 4.0
It was an unusual bill signing, to say the least.
There were no photo opps, no Oval Office guest lists, no special pens, and no speeches. Most surprisingly, there were no theatrics: Not one narcissistic remark was made, or self-serving tweet was sent.
Really.
It was, for all intents and purposes, a rare display of reclusion by President Donald J. Trump.
Thus marked the sequestered birth of the much-debated, long-awaited FDA Reauthorization Act of 2017 (FDARA), signed into law quietly and unceremoniously on Aug. 18. The Trump-approved legislation includes the sixth rendition of prescription drug user fees, the fourth iteration of medical device user fees, and the second versions of both the biosimilar and generic drug user fee agreements.
Capping two years of FDA negotiations with industry and stakeholders, FDARA sets user fees through fiscal 2022 and finances roughly 60 percent of the agency’s pre-market review costs. Under the law’s Medical Device User Fee Amendments (MDUFA IV), FDA is authorized to collect $183.3 million in FY18 fees, a 30 percent increase from the previous year’s post-adjustment estimate.
“FDARA builds upon the goals outlined in previous user fee agreements and in the 21st Century Cures Act and will help us continue the essential work we are doing in many of our priority areas,” directors of the FDA’s drug, device, and biologics centers wrote in an Aug. 21 blog on the agency’s website. “The new law provides critical support for important FDA activities related to medical product regulation.”
Among the support provided by MDUFA IV includes enabling FDA to inspect medical device facilities based on risk, and establishing a flexible, more efficient path to market for certain product accessories. The risk-based inspections, according to FDA officials, will allow the agency’s Center for Devices and Radiological Health to better focus its resources while providing greater predictability and transparency to the inspection process.
MDUFA IV also sets performance goals for various regulatory sanctions, committing for the first time to deciding half of all fiscal 2018 de novo requests within 150 days of filing, and resolving pre-submission meeting applications within two weeks. In addition, the agency agreed to provide written feedback for pre-submissions within 70 days or five days before a scheduled meeting for at least 1,530 pre-submissions received in FY18.
For 510(k) applications, FDA aims to decide 95 percent of 510(k) submissions within 90 days of filing and document an application’s problems after 100 days. PMA reviews have a similar timeline, requiring FDA to relay deficiencies to 95 percent of applicants within 60 days of filing and issue a decision for 90 percent of submissions not requiring an Advisory Committee review within 180 days.
“The MDUFA IV agreement...will expedite the availability of innovative new products, and its enhancements will continue to increase the efficiency of FDA’s programs,” Jeffrey Shuren, M.D., J.D., director of FDA’s Center for Devices and Radiological Health, told a U.S. Senate committee in March. “Improvements in total time to decision, transparency, consistency, and predictability will benefit industry, healthcare providers, and most importantly, patients.”
And FDA as well. MDUFA IV raises user fees for all regulatory submissions, with most averaging a 33 percent hike. The law, which took effect Oct. 1, softens the blow a bit for small businesses (less than $100 million in sales), though it doesn’t exempt them from a 37 percent increase in FDA Establishment fees, or lower any prices as in years past.
Nevertheless, the most significant MDUFA IV fees and hikes are ascribed to FDA’s 510(k) applications and de novo reviews. The agreement more than doubles 510(k) fees for moderate and large-size companies ($4,690 to $10,566) and boosts application costs 13 percent for small firms ($2,345 to $2,642).
The pecuniary onus is even greater for de novo reviews, as the law establishes first-time charges of $23,307 for small companies and a staggering $93,229 for moderate/large entities. Pediatric device submissions are exempt from the fees, as are uncommercialized state- or federal government-driven innovations. The law also waives fees for companies providing FDA with additional data on previously submitted de novo filings.
Resubmissions, however, are subject to additional user fees based on the applicant’s new (or old) chosen market pathway, according to MDUFA IV.
In exchange for its costly de novo fees, FDA promises to improve review times over the next five years, aiming to provide a final decision with 150 days for 70 percent of de novo requests submitted in FY2022. The goal seems practical, considering the amount of work involved with de novo submissions, and FDA’s perpetual failure to meet the statutorily-defined 120-day review period.
De novo review times have fallen significantly since 2009, but the process is still slow and unpredictable, averaging about 259 days, according to FDA data. Further reductions, though, could provide companies with a better, more predictable market pathway and consequently justify the new fees.
“The de novo pathway is essential for allowing brand technology to be incorporated into the whole 510(k) process because otherwise, they’d all have to go PMA, which is completely unrealistic and would kill a lot of technologies,” medtech law attorney Jeffrey K. Shapiro of Washington, D.C., told Bloomberg BNA in June. “I think that while the user fees are going to be a burden on industry, particularly small companies, there will be a trade-off in terms of greater certainty and a reduction in the timeline and greater predictability. I think investors are going to be happier factoring in paying the fees and getting that certainty of time to be able to get to market.”
Perhaps, but not all companies are willing to make such concessions. Healthcare attorney Bradley Merrill Thompson contends the high fees could make the PMA process more appealing to larger companies and discourage financially- strapped smaller firms from developing “groundbreaking innovations.”
“The bottom line is I started to see some hope for the process,” he noted to Bloomberg BNA, “but the amount of the user fee I fear will discourage innovation.”
Michael Drues agrees.
“I’m not against having a de novo user fee, but the numbers concern me quite a bit,” said Drues, a Ph.D. and president of Grafton, Mass.-based Vascular Sciences, an education, training, and consulting company offering a range of services to medical device, pharmaceutical, and biotech firms. “Comparing the de novo fee to a 510(k), the de novo fee is 10 times more. The question is why? To be fair, a de novo is a little more work for the FDA—a new regulation and product code have to be created, and in some cases, special controls have to be created. But is it 10 times more work for the FDA than a 510(k)? Absolutely not. I think if we are going to have de novo user fees they should be comparable or perhaps slightly higher than a 510(k) but certainly not a 10-fold increase. Can you think of any better way to stifle or kill innovation than by creating those kinds of user fees for the de novo?”
No better way at all.
Read more: http://bit.ly/yir1704
WannaCry? Think Cyber(in)security
Tempers tend to flare around Billy Rios.
As a professional computer hacker, the former U.S. Marine walks a fine line between sinner and saint, deliberately exposing cybersecurity flaws to the dismay of a digitalized planet. He’s tampered with weapons systems, aircraft components, hospital IT networks, Internet search engines, and in a personal coup de grace, has even infiltrated America’s electrical grid, successfully breaching Washington State’s largest public utility two years ago to help officials there better safeguard the power supply.
Many of Rios’ clients have jumped at the chance to fix their network vulnerabilities following escalating cyber attacks but a few of his hacking targets have been slow to improve security despite the obvious risks of complacency. Some of Rios’ most vocal critics hail from the healthcare arena, an industry that digital saboteurs claim is woefully unprepared to protect its technology or its patients.
Those critics have swelled significantly in rank over the last several years as Rios and other independent researchers have dramatically exploited security flaws in pacemakers and insulin infusion pumps. In one now infamous case, a security consultant and diabetic hijacked his own insulin pump at a global hacking conference, demonstrating the ease with which it could be controlled to deliver a potentially lethal dose. Shortly thereafter, a New Zealand hacker publicly shared the blueprint for pacemaker tampering, and Rios followed suit by tampering with an eBay purchased infusion pump, eventually disclosing the breach to the federal government via home video.
Not surprisingly, the attacks angered medical device makers and hospital administrators, who accused the hackers of fear mongering. Rios recalled to Bloomberg a particularly troubling instance of beratement during a 2014 conference call with device vendors and industry executives. “It wasn’t just someone saying, ‘Hey, you suck,’ or something, but truly, literally, screaming,” he told the magazine. “All their devices are getting compromised, all their systems are getting compromised. All their clinical applications are getting compromised—and no one cares. It’s just ridiculous, right? And anyone who tries to justify that it’s OK is not living in this world. They’re in a fantasyland.”
There are likely far fewer residents of that dream world nowadays as the medtech industry contends with fallout from the springtime blitz of the WannaCry cryptoworm and Petya malware attacks. Both incidents left collateral damage in the healthcare sector and intensified demands for improved device cybersecurity.
The May 12 WannaCry assault infected roughly 200,000 Microsoft Windows systems in 150 countries, locking down computers at 48 U.K. hospital trusts and contaminating Bayer AG-branded radiology equipment used to improve MRI imaging. The German multinational was reluctant at first to confirm the casualty but eventually identified the affected products as the Medrad Stellant and Medrad MRXperion control room units (Certegra Workstations), Certegra and VirtualCare devices, Medrad Intego RDMS, and Certegra Connect.CT.
Like other victims, Bayer scrambled to deploy a Microsoft security patch that was released in March but not widely implemented. BD, GE Healthcare, and Siemens all warned customers of the potential for WannaCry contagion without explicitly affirming whether the ransomware impacted their equipment. BD provided its clients with a list of more than two dozen products running Microsoft Windows operating systems (BD Alaris Server, BD EpiCenter, BD FACS Aria Fusion, BD FACS Celesta, BD GenCell CliC, BD Kiestra InoqulA, among others), while Siemens admitted its Multi-Modality Workplace (a hospital radiology imaging platform) and MAGNETOM MRI (magnetic resonance imaging) tubes were susceptible to the worm.
“WannaCry proves how insecure these devices are,” Christopher Frenz, infrastructure director at New York, N.Y.-based Interfaith Medical Center, noted at an August hacker conference. “It wasn’t even targeted to medical devices and it was still picked up.”
Petya was equally as unsparing when it struck in late June. Mostly impacting the finance, oil and gas, and manufacturing industries, the ransomware also corrupted thousands of computer systems at pharmaceutical giant Merck and crippled a hospital system north of Pittsburgh, Pa. The outbreak spread through an update sent by Ukranian financial software firm MeDoc, according to a security researcher credited with ending the WannaCry epidemic.
Besides slowing operations at Boryspyl International Airport near Ukraine’s capital Kyiv and impacting the radiation monitoring system at the Chernobyl nuclear plant ruins, Petya forced the cancellations of some surgeries at Beaver, Pa.-based Heritage Valley Health System. It also compromised operations at Heritage’s two hospitals and 18 satellite centers.
“Every time we see something successful like WannaCry and Petya, you see other actors learning from that rather quickly, and they are able to replicate that style of attack,” Chris Wysopal, co-founder and chief technology officer at Burlington, Mass., cybersecurity firm Veracode, told the Miami Herald in August. “It’s going to get worse.”
Such gloomy prospects helped spawned a legislative proposal this fall to create a public-private stakeholder partnership for mitigating medtech cybersecurity risks. The alliance, spearheaded by the U.S. Food and Drug Administration, would identify the top cybersecurity standards, frameworks, and best practices currently available to address medtech safety vulnerabilities. The group would be required to issue a progress report within 18 months.
Introduced Oct. 5 by U.S. Reps. Susan Brooks (R-Ind.) and Dave Trott (R-Mich.), the Internet of Medical Things Resilience Partnership Act builds on recommendations issued by the Health Care Industry Cybersecurity Task Force earlier this year.
“There are millions of medical devices susceptible to cyber attacks and oftentimes, we are wearing these networked technologies or even have them imbedded in our bodies,” Brooks said upon introducing the bill. “Bad actors are not only looking to access sensitive information, but they are also trying to manipulate device functionality. This can lead to life-threatening cyber-attacks on devices ranging from monitors and infusion pumps, to ventilators and radiological technologies.”
“As the number of connected medical devices continue to grow, so does the urgency to establish guidelines for how to prevent these kinds of dangerous attacks,” she added. “It is essential to provide a framework for companies and consumers to follow so we can ensure the medical devices countless Americans rely on and systems that keep track of our health data are protected.”
Perhaps then medtech will WannaCry for joy.
Read more: http://bit.ly/yir1706a
If at First You Don’t Succeed...Fail, Fail Again
The headlines read like a comedy of errors.
“Obamacare Repeal Might Have Just Died Tonight,” New York magazine reported in early January.
Five months later, the magazine ran stories within days of each other on stalled repeal efforts and past strategies for killing the controversial healthcare law. Its long-awaited death seemed close, if not imminent, according to news accounts.
Then, damnation— “Obamacare Lives.” (July 28)
Followed by a confirmation: “Obamacare is Officially Not Collapsing.” (Aug. 24)
Curses! Time to move on.
Or not: “Hold On—Could the GOP’s Last-Ditch Effort to Kill Obamacare Actually Pass?” (Sept. 15)
Nope. False alarm. “The GOP’s Latest Attempt to Repeal Obamacare Won’t Even Get a Vote.” (Sept. 26)
A frustrated Donald Trump was willing to work with Democrats on fixing Obamacare until House Speaker Paul Ryan nixed the idea in the fall. ”Ryan Rejects Bipartisan Health-Care ‘Fix,’ and Now Trump Does Too.” (Oct. 18)
But why listen to Ryan? “Why You Might be Seeing Bipartisan Health-Care Bill in December.” (Oct. 19)
Indeed, Obamacare—a.k.a., the 2010 Affordable Care Act (ACA)—led a wildly chaotic existence this year as President Trump and his Republican cohorts worked to unravel President Barack Obama’s signature domestic achievement. Their tactics changed as often as Trump’s version of the truth, angering Democrats, confounding constituents, and ultimately spawning an independent battle plan from the commander-in-chief himself.
Trump’s solo campaign against Obamacare entailed scrapping health insurance subsidies for low-income families and authorizing the sales of cheaper policies with fewer benefits and fewer consumer protections. The strategy rattled America’s healthcare and political worlds, as it threatened to boost premiums, disrupt insurance markets, and shove Republicans into a renewed civil war over the ACA.
U.S. Senate Health Committee Chairman Lamar Alexander (R-Tenn.) tried heading off hostilities via a bipartisan solution he negotiated with U.S. Sen. Patty Murray (D-Wash.) that would fund cost-sharing insurer subsidies for two years and give states more flexibility to waive Obamacare rules. The proposed legislation also would let more people sign up for high-deductible healthcare insurance, encourage the sale of policies across state lines, and streamline the process of obtaining federal regulatory waivers for innovative health insurance plans.
Perhaps most importantly, the changes offered under the Alexander-Murray compromise upheld protections for patients with pre-existing conditions and maintained coverage for essential health services like maternity care and cancer treatment. The untitled bill had garnered 24 co-sponsors as of Oct. 19—12 from each political party.
“Every Republican in the House of Representatives who voted to repeal and replace Obamacare this year voted for a provision that continued the cost-sharing payments for two years,” Alexander said. “Our bill does the same thing.”
Maybe so, but it nevertheless faces an uphill battle for support: Senate Finance Committee Chairman Orrin G. Hatch wasn’t impressed with the bill (“It’s more of the same. More big spending, more big government, more lack of a solution,” the Utah Republican told CQ Roll Call), and U.S. Rep. Mark Walker (R-N.C.), dissed the deal on social media.
“The GOP should focus on repealing and replacing ObamaCare, not on trying to save it,” the Republican Study Committee chairman wrote on Twitter. “This bailout is unacceptable.”
President Trump thought so too.
“I am supportive of Lamar as a person & also of the process, but I can never support bailing out ins co’s who have made a fortune w/O’Care,” the president tweeted on Oct. 18.
Missing in all of Trump’s ACA twitter noise was his thoughts on the 2.3 percent medical device tax. The president—and Congress, for the most part—were unusually tight-lipped about the levy this year, leaving the medtech industry staring down old demons as the final weeks of suspension drew to a close.
Created in 2010 to help fund expanded healthcare coverage under the ACA, the device tax was suspended for two years in late 2015 as part of a compromise $1.8 trillion spending package. The levy is scheduled to be reinstated on Jan. 1 unless lawmakers act by year’s end to further suspend or repeal it—an outcome that is becoming increasingly unlikely considering the Trump administration’s multiple fumbles with replacing Obamacare.
“Congress must act now to permanently repeal the device tax. Otherwise, medical technology companies will be hit with a tax increase of $20 billion at the end of the year, which will create a ripple effect for years to come,” Todd Usen, president of the Medical Systems Group at Olympus Corp. of the Americas, wrote in a late-summer op-ed column in the Philadelphia Inquirer. “As a global health-care company focused on minimally invasive medical solutions, we know firsthand the medical device tax will disrupt the industry’s ability to make investments in research and development and bolster the long-term medical innovation pipeline. The industry is making budgetary and planning decisions now that will impact innovations in a decade and needs the certainty that would be engendered through full repeal.”
Industry leaders fought fervently against the tax since its 2013 implementation, arguing the levy decimated the funding necessary to drive innovation and fuel growth. The American Action Forum estimates the device tax cost the industry more than 28,800 jobs during its three-year lifecycle, and warns its resurgence could eliminate another 25,000 positions through 2021.
Reinstatement also is likely to force some old habits: Eighty-eight percent of “innovators” plan to slow hiring and/or eliminate jobs upon the tax’s return, and 77 percent will either slow or stop expansion plans, according to a survey of more than 100 medtech companies by the Washington, D.C.-based Medical Device Manufacturers Association (MDMA). Additionally, 83 percent of the group’s survey respondents said they would decrease R&D investments if the tax took effect again.
“Medical technology innovators have already made difficult decisions as a result of the uncertainty over the device tax, and now is the time to put a permanent end to a policy that the overwhelming majority of Congress agrees is a bad idea,” MDMA President and CEO Mark Leahey said in formal statement in October. “There continues to be strong bipartisan support to repeal the medical device tax, but time is of the essence. It hovers like a dark cloud over innovation and job creation, and it is critical that Congress finishes the job.”
Start preparing for the rainstorm—just in case.
Read more: http://bit.ly/yir1705
Seeking Scale and Scope
And the two became one. Finally.
Abbott Laboratories and Alere Inc. united in wedded bliss this fall, capping a contentious and at times confrontational, 20-month engagement tainted by lawsuits, accounting snafus, an SEC fine, and ultimately, a lower dowry. The pair marched down the mega-merger aisle on Oct. 3—610 days after first going public with their courtship and just a week after the union was sanctioned by U.S. and Canadian anti-trust regulators.
To receive the regulatory blessings, Alere divested its blood gas and cardiac marker testing systems; among them was the Blood Analysis System, which measures blood gas, electrolytes, and metabolites within 30 seconds at bedside.
Abbott expects the marriage to be accretive next year, though a happily-ever-after ending isn’t a guarantee for the couple, as Alere remains under federal investigation for potential Foreign Corrupt Practices Act violations, and continues to spend millions of dollars on diabetes testing supplies that are not insured. Still, Abbott considers its troubled partner to be well worth the $5.3 billion investment, since the union enables the multinational firm to gain significant traction in the fast-growing “point-of-care” market, a sector forecast to nearly double in value over the next five years to $40.5 billion, according to industry data. Perhaps more importantly, however, the alliance also helps Abbott secure gains and boost market share in an otherwise sluggish growth environment.
“Strategically shaping the company to compete and succeed through internal investment and M&A is part of our DNA,” Abbott spokesman Scott Stoffel told the Chicago Tribune after the Alere deal closed.
That same DNA coursed through the veins of many a medtech firm this year as device makers brokered deals that secured long-term growth through diversification and economies of scale. The three mega-mergers announced in the first half of 2017 tellingly illustrate the need for scale in increasingly competitive therapeutic areas. Abbott’s $25 billion consolidation with St. Jude Medical Inc., for example, created a formidable leader in the atrial fibrillation, structural heart, and heart failure markets. It also expanded Abbott ‘s footprint in the high-growth neuromodulation sector.
Similarly, Essilor International SA’s $25.2 billion purchase of Luxottica Group SpA combined the world’s largest ophthalmic device manufacturer with an eyewear retail giant, spawning a visual health and eyewear group worth more than 15 billion euros. The deal, announced in January, is the fourth-largest acquisition in medtech history and Essilor’s largest deal to date (before purchasing Luxottica, Essilor’s biggest M&A transaction was its $1.9 billion merger with Transition Optics in 2013). “Scale matters in a space where both Essilor and Luxottica have experienced slowing sales growth as a result of competition from less expensive online rivals,” EY analysts state in the firm’s Pulse of the Industry 2017 report.
Scale also matters outside the visual health space. Accordingly, Becton, Dickinson and Company (BD) easily topped its 2014 megadeal for CareFusion with April’s $24 billion acquisition of C.R. Bard Inc., an S&P 500 firm best known for developing the Foley catheter in 1934. The union gives BD scale in hospital supplies, combining Bard’s minimally invasive devices and ports in the peripheral vascular, urology, hernia, and high-growth oncology and surgery areas with BD’s offerings in intravenous drug delivery systems. With a combined revenue of more than $16 billion, the beefed-up company is expected to boost BD’s non-U.S. growth options in such markets as China, and raise per-share earnings in fiscal year 2019. Moreover, roughly $300 million in annual “pre-tax run-rate cost synergies” are forecast by 2020.
“Consolidating these businesses should enable BD to grow revenue in an area where hospital systems, which have increased their own heft via mergers, are focused on reducing care costs,” EY’s Pulse report notes. “By adding Bard’s products to its portfolio, BD hopes efficiencies of scale and greater volume can boost its fortunes in an era where margins are increasingly tight.”
Better fortunes drove numerous deals this year, matching Allergan plc and ZELTIQ Aesthetics Inc. (2.48 billion); Fresenius Medical Care and NxStage Medical Inc. ($2 billion); Royal Philips and The Spectranetics Corporation ($1.9 billion); Teleflex Inc. and Vascular Solutions ($1 billion); Boston Scientific Corp. and Symetis SA ($435 million); and PerkinElmer Inc. and Euroimmun Medical Laboratory Diagnostics AG ($1.3 billion). The latter merger adds scale to PerkinElmer’s in-vitro diagnostics business while also boosting the company’s footprint outside the United States, particularly in China.
Global expansion and categorical leadership, however, were not the only motivations for corporate hookups. Diversification sparked various unions in 2017, pairing Allergan with Acelity L.P. ($2.9 billion), Svenska Cellulosa Aktiebolaget and BSN medical ($2.86 billion), Hologic with Cynosure ($1.7 billion), Stryker Corp. and Novadaq Technologies ($701 million), and Cardinal Health with Medtronic plc’s medical supplies business. Cardinal’s $6.1 billion cash deal for Medtronic’s patient care, deep vein thrombosis, and nutritional insufficiency units added 23 product categories to the company’s overall lineup, including brands such as Curity, Kendall, Dover, Argyle, and Kangaroo.
While the purchase most certainly expands Cardinal’s reach into the operating room and long-term care areas—domains it fortified two years ago with the acquisition of Johnson & Johnson’s Cordis unit—it also enables the company to diversify beyond its core pharmaceutical business and foster future growth through complementary offerings.
Diversification wasn’t the sole incentive for the Cardinal-Medtronic deal, though. The sale enabled Medtronic to divest a slower-growing business unit it gained as part of its $50 billion merger with Covidien and focus on higher-growth opportunities in its core competency areas (cardiac, vascular, and minimally invasive therapies). Likewise, J&J streamlined its portfolio by selling its Codman Neurosurgery business to Integra LifeSciences Holdings Corp. for $1 billion in February.
“Divestitures and spin-outs allow medtechs to capture additional value by improving capital efficiency, reducing operational complexity, and reallocating capital to higher-growth businesses as the industry invests more R&D dollars in the development of innovative products that demonstrate value in an era of price pressures,” the EY report declares. “Indeed, Medtronic’s sale of its medical supplies business to Cardinal Health and Johnson & Johnson’s divestiture of Codman Neurosurgery to Integra LifeSciences suggest capital efficiency and portfolio optimization will be an ongoing trend in 2018.”
Time will tell.
Read more: http://bit.ly/yir1707